WIP: changes for sarif format #48
base: main
Conversation
Force-pushed 43e0ca9 to 6429ff5:
changing version of testify
removed stretchr from go.sum
correcting dependencies in go.mod
changing function call to support older version of go
Force-pushed 6429ff5 to e738946
Codecov Report
@@            Coverage Diff             @@
##             main      #48      +/-   ##
==========================================
- Coverage   35.74%   33.07%   -2.67%
==========================================
  Files          23       24       +1
  Lines         831      901      +70
==========================================
+ Hits          297      298       +1
- Misses        506      575      +69
  Partials       28       28
Crashing on 0 Vulnerabilities/Issues
Minor fixes
"regexp" | ||
"strings" | ||
) | ||
// RegexDependencyLocator --relevant comment--
In Golang, every exported member has a relevant comment
EndIndices []int | ||
DependencyNodeIndex []int | ||
} | ||
// ProcessSarif -- a valid comment can be added--
ditto for other exported members
report, err := sarif.New(sarif.Version210) | ||
if err != nil { | ||
log.Fatal().Msg("Error forming SARIF respose") |
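Review bot: in this hunk the error from sarif.New is logged with log.Fatal() rather than returned, so the caller of ProcessSarif never gets a chance to handle it and the process exits with code 1 before any later step; return a wrapped error (for example fmt.Errorf("creating SARIF report: %w", err)) and let the CLI layer decide the exit code. The message text also has a typo: "respose" should be "response".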
Fatal exits with exit code 1, will not go to the next step
func (r *RegexDependencyLocator) SetUp(manifestFilePath string, ecosystem string) error{ | ||
content, err := ioutil.ReadFile(manifestFilePath) | ||
if err != nil { | ||
log.Fatal().Msg("Unable to load manifest File " + manifestFilePath) |
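Review bot: SetUp declares an error return, but on a failed ioutil.ReadFile it calls log.Fatal(), which ends the process instead of surfacing the failure to the caller; return fmt.Errorf("unable to load manifest file %s: %w", manifestFilePath, err) so callers and tests can handle a missing or unreadable manifest. gofmt would also put a space before the brace in `error{`.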
ditto
} | ||
} | ||
report.Write(os.Stdout) |
report.Write(os.Stdout) | |
err = report.Write(os.Stdout) | |
if err != nil { | |
return false, err | |
} |
} | ||
func (r *RegexDependencyLocator) LocateDependency(dependency string) (int, int){ |
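Review bot: LocateDependency returns a bare (int, int), so a caller cannot distinguish a located dependency from a miss; either add a bool or error return, or document which sentinel values mean "not found". gofmt would also put a space before the brace in `(int, int){`.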
I feel LocateDependency is not imported outside of this package; no point in exporting it. It should be locateDependency.
} | ||
func (r *RegexDependencyLocator) SetUp(manifestFilePath string, ecosystem string) error{ |
ditto, can be setUp
All non-exported members start with lowercase letter
@arajkumar @deepak1725 This is a WIP PR, I wanted some feedback on the approach.
This implements the SARIF output for maven, npm and python. Golang needs to be incorporated.
Command: crda analyse -v -s
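The two review points raised above (return errors instead of calling log.Fatal, and do not crash on zero vulnerabilities) can be shown together in a small report builder. The following is an added example, not code from this PR or from the crda project: it writes a minimal SARIF 2.1.0 document with encoding/json alone rather than the go-sarif library, the Finding type is hypothetical, and the tool name "crda" is taken from the command in the comment above. The sample finding in main is constructed, with a placeholder advisory id.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)

// Finding is a constructed stand-in for one hit from the dependency
// analysis (hypothetical type, not the project's own).
type Finding struct {
	ID       string // advisory/rule id; main uses a placeholder value
	Package  string
	Severity string // "critical", "high", "medium" or "low"
	File     string // manifest the dependency was located in
	Line     int    // line of the dependency inside that manifest
}

// Minimal SARIF 2.1.0 shape; JSON names follow the spec's property names.
type sarifMessage struct{ Text string `json:"text"` }
type sarifLocation struct {
	PhysicalLocation struct {
		ArtifactLocation struct{ URI string `json:"uri"` } `json:"artifactLocation"`
		Region           struct{ StartLine int `json:"startLine"` } `json:"region"`
	} `json:"physicalLocation"`
}
type sarifResult struct {
	RuleID    string          `json:"ruleId"`
	Level     string          `json:"level"`
	Message   sarifMessage    `json:"message"`
	Locations []sarifLocation `json:"locations"`
}
type sarifRun struct {
	Tool struct {
		Driver struct{ Name string `json:"name"` } `json:"driver"`
	} `json:"tool"`
	Results []sarifResult `json:"results"` // must serialise as [] when empty, never null
}
type sarifLog struct {
	Version string     `json:"version"`
	Schema  string     `json:"$schema"`
	Runs    []sarifRun `json:"runs"`
}

// levelFor maps tool severities to SARIF result levels; anything not listed
// is rejected instead of being emitted as an invalid level.
var levelFor = map[string]string{"critical": "error", "high": "error", "medium": "warning", "low": "note"}

// BuildSarif converts findings into a SARIF log. Zero findings is valid input
// and yields an empty (not null) results array, so "0 vulnerabilities" gives a
// clean report instead of a crash.
func BuildSarif(toolName string, findings []Finding) (*sarifLog, error) {
	run := sarifRun{Results: []sarifResult{}} // non-nil so it encodes as []
	run.Tool.Driver.Name = toolName
	for _, f := range findings {
		level, ok := levelFor[strings.ToLower(f.Severity)]
		if !ok {
			return nil, fmt.Errorf("finding %s: unknown severity %q", f.ID, f.Severity)
		}
		var loc sarifLocation
		loc.PhysicalLocation.ArtifactLocation.URI = f.File
		loc.PhysicalLocation.Region.StartLine = f.Line
		run.Results = append(run.Results, sarifResult{
			RuleID:    f.ID,
			Level:     level,
			Message:   sarifMessage{Text: fmt.Sprintf("%s affects dependency %s", f.ID, f.Package)},
			Locations: []sarifLocation{loc},
		})
	}
	return &sarifLog{Version: "2.1.0", Schema: "https://json.schemastore.org/sarif-2.1.0.json", Runs: []sarifRun{run}}, nil
}

// WriteSarif serialises the log to w and hands any write error back to the
// caller (no log.Fatal), so the CLI layer decides the exit code.
func WriteSarif(w io.Writer, rep *sarifLog) error {
	enc := json.NewEncoder(w)
	enc.SetIndent("", "  ")
	if err := enc.Encode(rep); err != nil {
		return fmt.Errorf("writing SARIF report: %w", err)
	}
	return nil
}

func main() {
	// Constructed sample; the advisory id is a placeholder, not real data.
	sample := []Finding{{ID: "CVE-0000-00000", Package: "example-lib", Severity: "high", File: "package.json", Line: 12}}
	for _, in := range [][]Finding{sample, nil} { // second pass: zero findings
		rep, err := BuildSarif("crda", in)
		if err == nil {
			err = WriteSarif(os.Stdout, rep)
		}
		if err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	}
}
```

The nil-slice detail is the one that bites in Go: a `results` field left as a nil slice encodes as `null`, which is not a valid SARIF results array, while an empty non-nil slice encodes as `[]`. Keeping the write error as a return value is what lets the caller map failures to an exit code in one place.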